Research from HelpSystems surveyed 250 CIOs and CISOs in financial institutions and found that 35% considered insider threats to have the potential to cause the most damage over the next 12 months. This statistic shows the pervasive fear of insider security threats among financial institutions. Those threats could prove quite costly, as the average data breach costs an organization $4.37 million, according to IBM’s Cost of a Data Breach Report 2020.
It’s very easy for insider security threats to come to fruition in financial organizations because of a number of common mishaps. Read on as we share more about the threat that insider security poses to financial institutions.
The common threats
An insider threat may take the form of malicious, intentional insider theft, in which a bad actor who works for the bank steals information. They can do this for financial gain or because they hold a grudge against the company.
Accidental insider thefts happen too, when a phishing email or other form of trickery causes an employee to divulge sensitive company information such as a password or financial information.
Finally, there are also threats in the form of an outside actor compromising an employee’s credentials and using their account to obtain information.
These are all among the common insider security threats that can harm a financial institution.
Why are these threats so common?
The sheer volume of data shared through SaaS applications means that companies need to keep tabs on sometimes hundreds of SaaS applications in use at once. The average organization employs 200 to 501 employees and uses 123 SaaS apps.
This means that they have to keep tabs on 2,700 app-to-person connections on average. This doesn’t even include the number of SaaS apps that are integrated through APIs. The large amount of data shared on a daily basis, together with the popularity of phishing emails and other cyberthreats, is what makes it hard to stop cyberattacks in the form of insider security threats.
Things to do to reduce insider threats
- Establishing the tone of privacy and security from the top. Here are some examples of how to develop a strong security culture.
- Social engineering via training and other forms of behavioral techniques to reward sensible data sharing and storage policies. We look at some of these in Power of Nudge in Data Privacy and Security.
- Understanding where sensitive data is shared in your organization. Is it in the codebase, chat services, databases or online file storage?
- Implementing Data Loss Protection solutions within your enterprise to reduce the risk of accidental (or intentional) data leaks.